Vulnerabilities are often found in widely distributed and used software. Typically, once a vulnerability is discovered in an application, the application is updated to remove the vulnerability. This practice has become commonplace, not only for software developers and information technology professionals, but also for the end users who are often notified during the update process.
Libraries and other shared software resources provide a set of tools and resources that may be used by any number of applications on a computer. Libraries limit duplication of effort by software developers and regularize frequently implemented computer methods.
Unlike a vulnerability in an application, the extent of a vulnerability resulting from a vulnerable library is neither limited nor immediately known. The extent is not limited because there is no limit to the number of applications or processes that may use the library and, as a result, may be compromised. The extent is not known because developers of the library do not know which applications or processes are employing the library in the field, and computer users do not typically keep track of the multitude of dependencies required by their installed software. A particularly insidious and powerful security threat therefore results when a shared software resource contains a vulnerability.
Accordingly, a need exists for methods and systems for identifying a vulnerable shared software resource on a computer and determining the extent to which the vulnerable resource has made the rest of the computer vulnerable to attack.